Publicly available code allows hackers to disable Wi-Fi in a range of products.

The iPhone 4 and a slew of older devices from Apple, Samsung, HTC, and other manufacturers are vulnerable to attacks that can make it impossible to send or receive data over Wi-Fi networks, a security researcher said.

"The only requirement to exploit the vulnerability is to have a wireless card that supports [the] raw inject of 802.11 frames," Andrés Blanco one of the researchers from Core Security who discovered the vulnerability, told Ars. "The Backtrack Linux distribution has almost everything you need to execute the POC provided in the advisory."

The Core Security advisory said that Broadcom has released a firmware update that patches the "out-of-bounds read error condition" in the chips' firmware. Device manufacturers are making it available to end users on a case-by-case basis since many of the affected products are older and already out of service.

Blanco said the exploit makes it impossible for an affected device to send or receive data over Wi-Fi for as long as the DoS attack lasts. Once the malicious packets subside, the device will work normally. Other device functions are unaffected by the Wi-Fi service interruption. He said it's possible the bug could be exploited to do more serious things.

"We are not sure that we could retrieve private user data but we are going to look into this," he said.

Brief updated to add detail about about device functions in second-to-last paragraph.

Does this affect just Droid branded phones or Android phones in general? Because if it is the latter you should change your headline.

Edit: yes, give me downvotes because I am correct. Flawless logic. Droid is a BRAND and does not pertain to every Android phone.

Fozzybare, what's your support for saying you're "correct"? As you could have confirmed yourself by clicking on the advisory, the headline is correct in saying Droid, rather than Android. Please spend a minute or two thinking things over before posting comments.

24 Reader Comments

Why the hell is a car internet connected? That seems like it's almost asking for trouble when hackers start trying to crash cars for the heck of it... I understand why you could get traffic info in realtime or use Microsoft's Sync during Internet usage, but wouldn't the security implications outweigh the benefits as opposed to just using a phone to do the same job?

Pretty sure that the ford entertainment computers have an airgap from the engine computers. Then again... wireless tire pressure gauges in every new car (mandated by law) are a better vector into the engine computers.

A DOS attack against 802.11 that only lasts for as long as you keep sending bogus packets isn't particularly exciting however. It's already pretty easy to saturate an 802.11 channel, this just lets you do it without actually flooding the channel.

MyFord Touch (or My FordTouch or... wherever the space is) is rigged to be able to bridge a USB stick AirCard to its own WiFi network for use inside the car. However, as far as I know, it was only ever compatible with one or two specific ones from AT&T, and now MiFis have pretty much negated the need for such a thing, unless one just has an old one floating around.

You can configure it to connect to an outside wireless network, which was supposed to go with a rudimentary web browser to be added to the system later, but that hasn't happened, either.

Things like traffic data is fed by Sirius, so it comes from space instead of 802.11.

We basically never use it, so this isn't a big deal for us specifically, but it will be interesting to see how long it takes for us to be "notified" of this and what the fix winds up looking like. Probably dealer service (barf).

Does this affect just Droid branded phones or Android phones in general? Because if it is the latter you should change your headline.

Edit: yes, give me downvotes because I am correct. Flawless logic. Droid is a BRAND and does not pertain to every Android phone.

Fozzybare, what's your support for saying you're "correct"? As you could have confirmed yourself by clicking on the advisory, the headline is correct in saying Droid, rather than Android. Please spend a minute or two thinking things over before posting comments.

Pretty sure that the ford entertainment computers have an airgap from the engine computers. Then again... wireless tire pressure gauges in every new car (mandated by law) are a better vector into the engine computers.

Pretty sure that the ford entertainment computers have an airgap from the engine computers. Then again... wireless tire pressure gauges in every new car (mandated by law) are a better vector into the engine computers.